DETAILED ACTION 

1. 

Claims 1-6 are cancelled 

Claims 7-10, 12-13, 19, 21-24 have been amended 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

Claims 7-31 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Terzis (20040243835) in view of Lambert (20020099952). 
Regarding Claim 7, 

Terzis teaches an object model for managing a service on a computer, the object 
model comprising: 

A policy object model for specifying 

by a first user, at least one first policy that the service supports in a packet-centric 
form ("the subsystems include a firewall... The firewall operates at layer 4 
(transport)... The firewall serves to prevent unauthorized access of a network...by filtering out 
packets that originate from unauthorized users or sources. Performing filtering of packets can 
be effective in deterring certain types of unauthorized access attempts, but requires inspection 
of each packet" Paragraph [0089]) ("The resource access rules are used to control which 
users have access to what resources. The resource access rules define priority... The priority 
assigns a priority to the rule as each new incoming flow is evaluated against each of the policy 
rules according to their priority" Paragraph [0120]) and 

by a second user, at least one second policy by selecting a security level from a 
plurality of security levels, with each security level from the plurality of security levels 
being previously set for a specified user ("the policy engine talks to the components on the 
data plane to install and remove filters in response to policy rules," Paragraph [0062]) ("The 
policies can be determined both by the identity of the user as well as by the group the user is 
associated with... Based on the policies associated with that user, a set of specific access rules 
are generated that enable the subsystems to provide filtering and deny access to prohibited 
resources and services" Paragraph [0089]) ("The resource access rules are used to control 
which users have access to what resources. The resource access rules define... permission 
level" Paragraph [0120]). The Examiner interprets permission level as the security level. 

A policy engine platform for interacting of the first user with the at least one first 
policy and of the second user with the at least one second policy, and to provide the at 
least one first policy and the at least one second policy to at least one component that 
performs the service. 

("The policy interpreter interfaces to the SNMP Agent," Paragraph [0064], Fig. 7.) 
The Examiner interprets the policy object model as the "policy engine" and policy 
engine platform as "policy interpreter." 

As seen in Fig. 7, the Policy Interpreter acts as an intermediary between the 
SNMP agent and the Policy engine. Because the purpose of a SNMP agent is to 
facilitate information between network components and the purpose of the policy 
engine is to provide policies, it is inherent that the policy interpreter will provide one or 
more policies of which one will actually perform the service. 

Terzis does not explicitly teach if it has been determined that the first user is 
authorized to perform the specification by comparing a rank of the first user against a 
permitted rank. The Examiner interprets a permitted rank as the priority level, as 
described by the Applicant in pg. 8 of Remarks, "A policy provider is associated with a 
particular priority class or level" (Paragraph [0051] of Specification). 

Lambert teaches determining whether a first user is authorized to perform the 
specification by comparing a rank of the first user to a permitted rank before specifying 
a policy, ("the group policy objects...may be provided by administrators per site, domain, 
organizational unit, group and user. Among other things, group policy technology also provides 
a flexible and hierarchical way in which each administrator can establish which policies will win 
out over others if multiple policies conflict. For example, site policies can be set up to prevail 
over domain policies, which in turn can be set up to prevail over organizational unit policies..." 
Paragraph [0080]) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the object model of Terzis with the policy provider priority ranking 
system of Lambert. 

The motivation is that Lambert teaches a well known way to deal with conflicts 
with group policy objects. 

Regarding Claims 8-10, 

Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the policy engine platform comprises a rule editor for adding an additional 
policy by said first user in accordance with the policy object model, wherein the rule 
editor is also configured to delete a policy by said first user, wherein the rule editor is 
also configured by said first user to edit a policy. 

("The interface between the policy engine and the SNMP agent may be used to add and 
delete policy objects" Paragraph [0064]) 

The Examiner interprets that editing a policy is the same as adding or deleting a 
policy. The Examiner interprets the first user to be an administrator that implements 
packet-centric policies. (The security rules 690 may describe how packets matching the 
source, destination objects should be secured. Paragraph [0130]) 

Regarding Claims 11 and 12, 

Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the policy engine platform comprises a setting editor configured to 
automatically generate a policy based upon an application and user combination, 
wherein the setting editor generates a plurality of policies, and is further configured to 
permit said second user to select from the plurality of policies. 

("After a user has successfully logged [in]...the Launch-pad module may contact the 
policy engine to receive the list of resources that are available to that user...Once found the 
policy engine may return each of the resources in those rules back to the Launch-pad module," 
Paragraph [0065]) 

Where the Launch-pad is defined as a user interface in Paragraph 100. The 
launch pad screen is capable of displaying "applications...that are specifically made 
available to that user" (Paragraph 106). 

The Examiner interprets the second user to be an administrator that implements 
user-centric policies. (The resource access rules are used to control which users have 
access to what resources. Paragraph [0120]) 

Regarding Claim 13, 
Terzis and Lambert teach the object model of claim 12, Terzis further teaches 
wherein the setting editor is further configured by said second user to permit setting 
one of the plurality of policies as a default policy. 

("generating, based on the access policies, at least one access rule for each of a 
plurality of security system sublayers, " Claim 1) 

The Examiner interprets the at least one access rule as the default policy. 

The Examiner interprets the second user to be an administrator that implements 
user-centric policies. (The resource access rules are used to control which users have 
access to what resources. Paragraph [0120]) 

Regarding Claim 14, 

Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the policy engine platform comprises a rule explorer for providing a view of the 
at least one first policy and the at least one second policy. 

Because the policy interpreter interfaces between the SNMP agent and the policy 
engine (Fig. 7) it is inherent that there will be a component that allows a view of one or 
more of the policies. 

Regarding Claim 15, 
Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the policy object model comprises a policyrule object usable to generate 
policy, the policyrule object comprising a condition property and an action property, 
wherein a policy generated by the policyrule object is configured to perform an action in 
the action property responsive to a condition in the condition property being met. (Fig. 
6, 670) 

Regarding Claim 16, 

Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the service is a firewall service. ("According to one embodiment the rules are 
generated and installed at the firewall level" Paragraph [0019]) 

Regarding Claim 17, 

Terzis and Lambert teach the object model of claim 7, Terzis further teaches 
wherein the policy engine platform is configured to deny providing said one or more 
policies to the component if a requester is not authorized. ("Based on the policies 
associated with that user, a set of specific access rules are generated that enable the 
subsystems to provide filtering and deny access to prohibited resources and services. " 
Paragraph [0088]) 
Terzis and Lambert teach the object model of claim 17, Terzis further teaches 
wherein determining whether a requester is authorized comprises comparing a 
provider rank for the requester against a permitted rank, and if the provider rank for the 
requestor does not meet or exceed the permitted rank, denying the requester. (Fig 6. 
675, PermissionLevel) 

The Examiner interprets the parameter PermissionLevel under the Resource 
Access Rules as rank. Where the PermissionLevel is checked against a permitted 
PermissionLevel and if the PermissionLevel does not meet or exceed the permitted 
rank, to deny the requestor. 
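As an added illustration of the two mechanisms the Examiner reads onto the references, the following Python is example code written for this page; it is not from Terzis, Lambert or the Applicant's specification. It models a policyrule object with a condition property and an action property (claim 15), and a policy engine platform that hands policies to a requesting component only after comparing the requester's provider rank against a permitted rank, denying any requester whose rank does not meet or exceed it (claim 18). The class and requester names, the rank values, the "allow"/"deny" vocabulary and the packet values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed packet record carrying the standard 5-tuple."""
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: str


@dataclass
class PolicyRule:
    """Hypothetical policyrule object: a condition property and an action property.
    The action is performed only when the condition is met (claim 15)."""
    name: str
    condition: Callable[[Packet], bool]
    action: str  # constructed vocabulary: "allow" or "deny"

    def evaluate(self, pkt: Packet) -> Optional[str]:
        return self.action if self.condition(pkt) else None


def match_5tuple(**wanted) -> Callable[[Packet], bool]:
    """Condition factory: every given 5-tuple field must equal the packet's field;
    fields left out match anything."""
    def cond(pkt: Packet) -> bool:
        return all(getattr(pkt, field) == value for field, value in wanted.items())
    return cond


class PolicyEnginePlatform:
    """Hypothetical policy engine platform. It stores rules and provides them to a
    requesting component only after comparing the requester's provider rank against
    the permitted rank (claim 18); a rank that does not meet or exceed it is denied."""

    def __init__(self, permitted_rank: int, provider_ranks: Dict[str, int]):
        self.permitted_rank = permitted_rank
        self.provider_ranks = provider_ranks  # requester name -> provider rank
        self.rules: List[PolicyRule] = []    # kept in priority order

    def add_rule(self, rule: PolicyRule) -> None:
        self.rules.append(rule)

    def is_authorized(self, requester: str) -> bool:
        rank = self.provider_ranks.get(requester)
        # An unknown requester has no rank and is treated as below the permitted rank.
        return rank is not None and rank >= self.permitted_rank

    def provide_policies(self, requester: str) -> Tuple[bool, List[PolicyRule]]:
        """Returns (granted, rules). Nothing is handed out to an unauthorized requester."""
        if not self.is_authorized(requester):
            return False, []
        return True, list(self.rules)


def first_matching_action(rules: List[PolicyRule], pkt: Packet, default: str = "deny") -> str:
    """Component side: rules are consulted in priority order and the first rule whose
    condition is met decides; with no match the constructed default applies."""
    for rule in rules:
        verdict = rule.evaluate(pkt)
        if verdict is not None:
            return verdict
    return default


def build_demo_platform() -> PolicyEnginePlatform:
    """Constructed sample: two requesters with different provider ranks, two rules."""
    platform = PolicyEnginePlatform(permitted_rank=2,
                                    provider_ranks={"firewall-component": 3, "guest-tool": 1})
    platform.add_rule(PolicyRule("block-telnet", match_5tuple(dst_port=23, proto="tcp"), "deny"))
    platform.add_rule(PolicyRule("allow-https", match_5tuple(dst_port=443, proto="tcp"), "allow"))
    return platform


if __name__ == "__main__":
    platform = build_demo_platform()
    for requester in ("firewall-component", "guest-tool"):
        granted, rules = platform.provide_policies(requester)
        print(requester, "granted" if granted else "denied", [r.name for r in rules])
    _, rules = platform.provide_policies("firewall-component")
    for pkt in (Packet("10.0.0.5", "10.0.0.9", 40000, 23, "tcp"),
                Packet("10.0.0.5", "10.0.0.9", 40001, 443, "tcp"),
                Packet("10.0.0.5", "10.0.0.53", 40002, 53, "udp")):
        print(pkt.dst_port, pkt.proto, "->", first_matching_action(rules, pkt))
```

The rank comparison is done once, at the point where policies are handed to a component, so a requester below the permitted rank never sees the rule set at all; the component itself then only evaluates conditions and applies actions in priority order.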

Regarding Claim 19, 

Terzis and Lambert teach a method of managing a service on a computer, the 
method comprising: 

specifying, via a policy object model, by a first user, one or more policies that the 
service supports in a packet-centric form ("the subsystems include a firewall... The firewall 
operates at layer 4 (transport)... The firewall serves to prevent unauthorized access of a 
network...by filtering out packets that originate from unauthorized users or sources. Performing 
filtering of packets can be effective in deterring certain types of unauthorized access attempts, 
but requires inspection of each packet" Paragraph [0089]), and, by a second user, at least 
one second policy by selecting a security level from a plurality of security levels, with 
each security level from the plurality of security levels being previously set for a 
specified application and a specified user; ("The policy engine talks to the components on 
the data plane to install and remove filters in response to policy rules," Paragraph [0062]) ("The 
resource access rules are used to control which users have access to what resources. The 
resource access rules define... permission level" Paragraph [0120]). The Examiner interprets 
permission level as the security level. 

and interacting, via a policy engine platform, of said first user at least one first 
policy specified in said packet-centric form, and of said second user with said one or 
more policies specified in said user-centric form and/or said application-centric form; 
("the Launch-pad module may contact the policy engine to receive the list of resources that are 
available" Paragraph [0065]) ("The resource access rules are used to control which users have 
access to what resources. The resource access rules define... permission level" Paragraph 
[0120]) The Examiner interprets permission level as the security level. 

and providing, via the policy engine platform, said one or more policies to said at 
least one component that actually performs the service. ("Once found the policy engine 
may return each of the resources in those rules back to the Launch-pad module" Paragraph 
[0065]) 

Terzis teaches "the subsystems include a firewall... The firewall operates at layer 4 
(transport)... The firewall serves to prevent unauthorized access of a network...by filtering out 
packets that originate from unauthorized users or sources. Performing filtering of packets can 
be effective in deterring certain types of unauthorized access attempts, but requires inspection 
of each packet." (Paragraph [0089]). Terzis further teaches "The policies can be determined 
both by the identity of the user as well as by the group the user is associated with...Based on 
the policies associated with that user, a set of specific access rules are generated that enable 
the subsystems to provide filtering and deny access to prohibited resources and services" 
(Paragraph [0089]). 

The Examiner interprets the first user to be an administrator that implements 
packet-centric policies. (The security rules 690 may describe how packets matching the 
source, destination objects should be secured. Paragraph [0130]) 

The Examiner interprets the second user to be an administrator that implements 
user-centric policies. (The resource access rules are used to control which users have 
access to what resources. Paragraph [0120]) 

Terzis does not explicitly teach if it has been determined that the first user is 
authorized to perform the specification by comparing a rank of the first user against a 
permitted rank. The Examiner interprets a permitted rank as the priority level, as 
described by the Applicant in pg. 8 of Remarks, "A policy provider is associated with a 
particular priority class or level" (Paragraph [0051] of Specification). 

Lambert teaches determining whether a first user is authorized to perform the 
specification by comparing a rank of the first user to a permitted rank before specifying 
a policy, ("the group policy objects...may be provided by administrators per site, domain, 
organizational unit, group and user. Among other things, group policy technology also provides 
a flexible and hierarchical way in which each administrator can establish which policies will win 
out over others if multiple policies conflict. For example, site policies can be set up to prevail 
over domain policies, which in turn can be set up to prevail over organizational unit policies..." 
Paragraph [0080]) 
It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the object model of Terzis with the policy provider priority ranking 
system of Lambert. 

The motivation is that Lambert teaches a well known way to deal with conflicts 
with group policy objects. 

Regarding Claim 20, 

Terzis and Lambert teach the method of claim 19, Terzis further teaches further 
comprising automatically generating a policy based upon an application and user 
combination. "After a user has successfully logged into the MACSS, the Launch-pad module 
may contact the policy engine to receive the list of resources that are available to that user, " 
Paragraph [0065]) 

Regarding Claim 21, 

Terzis and Lambert teach the method of claim 20, Terzis further teaches further 
comprising generating a plurality of policies, and permitting a user to select from the 
plurality of policies. ("Once found the policy engine may return each of the resources in those 
rules back to the Launch-pad module" Paragraph [0065]) 

As described before the Launch-pad module is a user interface. Examples can 
be found in Fig. 4 and Fig. 5. 
Regarding Claim 22, 

Terzis and Lambert teach the method of claim 21, Terzis further teaches further 
comprising setting one of the plurality of policies as a default policy, ("generating, based 
on the access policies, at least one access rule for each of a plurality of security system 
sublayers," Claim 1) 

The Examiner interprets the at least one access rule as the default policy. 

Regarding Claim 23, 

Terzis and Lambert teach the method of claim 22, Terzis further teaches further 
comprising authorizing a user prior to allowing the user to select the at least one policy 
from the plurality of policies. 

It is inherent that the system administrator is authorized prior to selecting one 
policy from a plurality of policies. ("A system administrator uses user interfaces... to create 
access/security rules that allow users access to specific network resources based on a variety 
of parameters" Paragraph [0056]) 

Regarding Claim 24, 

Terzis and Lambert teach an object model embodied on a computer-readable 
medium for managing a firewall service on a computer, the object model comprising a 
policy object model used to specify, by a first user, one or more policies that the 
firewall service supports in a packet-centric form, and, by a second user, at least one 
second policy by selecting a security level from a plurality of security levels, with each 
security level from the plurality of security levels being previously set for a specified 
application and a specified user ("The resource access rules are used to control which 
users have access to what resources. The resource access rules define... permission level" 
Paragraph [0120]; The Examiner interprets permission level as the security level), the policy 
model comprising a policyrule object usable to generate policy (Fig. 6, PolicyRule, 670), 
the policyrule object comprising a condition property and an action property, wherein a 
policy generated by the policyrule object is configured to perform an action in the action 
property responsive to a condition in the condition property being met. 

It is inherent that the policy rule is configured to perform an action responsive to 
a condition being met. 

Terzis teaches "the subsystems include a firewall... The firewall operates at layer 4 
(transport)... The firewall serves to prevent unauthorized access of a network...by filtering out 
packets that originate from unauthorized users or sources. Performing filtering of packets can 
be effective in deterring certain types of unauthorized access attempts, but requires inspection 
of each packet." (Paragraph [0089]). Terzis further teaches "The policies can be determined 
both by the identity of the user as well as by the group the user is associated with...Based on 
the policies associated with that user, a set of specific access rules are generated that enable 
the subsystems to provide filtering and deny access to prohibited resources and services" 
(Paragraph [0089]). 
The Examiner interprets the first user to be an administrator that implements 
packet-centric policies. (The security rules 690 may describe how packets matching the 
source, destination objects should be secured. Paragraph [0130]) 

The Examiner interprets the second user to be an administrator that implements 
user-centric policies. (The resource access rules are used to control which users have 
access to what resources. Paragraph [0120]) 

Terzis does not explicitly teach if it has been determined that the first user is 
authorized to perform the specification by comparing a rank of the first user against a 
permitted rank. The Examiner interprets a permitted rank as the priority level, as 
described by the Applicant in pg. 8 of Remarks, "A policy provider is associated with a 
particular priority class or level" (Paragraph [0051] of Specification). 

Lambert teaches determining whether a first user is authorized to perform the 
specification by comparing a rank of the first user to a permitted rank before specifying 
a policy, ("the group policy objects...may be provided by administrators per site, domain, 
organizational unit, group and user. Among other things, group policy technology also provides 
a flexible and hierarchical way in which each administrator can establish which policies will win 
out over others if multiple policies conflict. For example, site policies can be set up to prevail 
over domain policies, which in turn can be set up to prevail over organizational unit policies..." 
Paragraph [0080]) 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the object model of Terzis with the policy provider priority ranking 
system of Lambert. 
The motivation is that Lambert teaches a well known way to deal with conflicts 
with group policy objects. 

Regarding Claim 25, 

Terzis and Lambert teach the object model of claim 24, Terzis further teaches 
further comprising an IPSecRule derived from the policyrule object, the IPSecRule 
being configured to trigger an IPSec callout when an IPSec condition is matched, and 
to indicate configuration parameters for securing traffic related to the callout. (Fig. 14, 
1440). 

The services dispatcher connects to the launch-pad which connects to the policy 
engine. 

Regarding Claim 26, 

Terzis and Lambert teach the object model of claim 25, Terzis further teaches 
wherein the IPSecRule evaluates a standard 5-tuple to determine if a condition has 
been met. (Fig. 11) 

Regarding Claim 27, 
Terzis and Lambert teach the object model of claim 24, Terzis further teaches 
further comprising a KeyingModuleRule derived from the policyrule object, the 
KeyingModuleRule being configured to select which key negotiation module to use 
when there is no existing secure channel to a remote peer. 

("The key exchange field specifies how keys are exchanged and determines what key 
parameters will be used." Paragraph [0130]) 

The Examiner interprets key negotiation as key exchange. The Examiner notes 
that the key exchange field is part of the security rules, which is part of the policy rules. 

Regarding Claim 28, 

Terzis and Lambert teach the object model of claim 27, Terzis further teaches 
wherein the KeyingModuleRule evaluates a standard 5-tuple to determine if a condition 
has been met. (Fig. 11) 

Regarding Claim 29, 

Terzis and Lambert teach the object model of claim 24, Terzis further teaches 
further comprising an IKERule derived from the policyrule object and configured to 
specify the parameters for carrying out Internet Key Exchange key negotiation protocol. 
(Fig. 14, IKE) 
Terzis and Lambert teach the object model of claim 29, Terzis further teaches 
wherein the IKERule evaluates a local address and a remote address to determine if a 
condition has been met. This step is inherent in IKE protocol. 

Regarding Claim 31, 

Terzis and Lambert teach the object model of claim 29, Terzis further teaches 
wherein the IKERule comprises an IKEAction action property that defines the 
authentication methods for performing Internet Key Exchange key negotiation protocol. 
("The key exchange field specifies how keys are exchanged and determines what key 
parameters will be used." Paragraph [0130]) 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 8-5:30, Alternate Fridays 
Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ R. SHEIKH can be reached on (571)272-3795. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



HCW 

AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 